Hopefully this type of thing is allowed...
I am working on a network design for a regional peering concept. The idea is we have an East and West peering point. The external routers would peer with my ISPs and also AWS, Azure and other CSPs. I am looking to put the ISPs in an Internet VRF and the CSPs in a dedicated CSP VRF.
Then I was going to use multihop EBGP to peer from my "INET" routers to my internal routers through a firewall run by our security department. The idea is the external routers would take full route tables, but only advertise a 0/0 internally, in addition to routes being advertised from AWS and Azure. This would allow for dynamic failover between my West and East peering points as routes are withdrawn.
I would use BGP communities to prefer the routes from my Western peering point for properties in the western region and Eastern properties would prefer the Eastern peering point.
Thoughts? Is peering EBGP between my public-facing routers on the Internet and my internal routers a bad idea? Traffic would still traverse our firewall.
Diagram attached.
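An added configuration sketch of the West multihop session described in the post, in IOS-style syntax; it is not from the original post or any vendor document, and every AS number, address, prefix, community value and name in it is a constructed placeholder. It shows the two policies that keep the design safe: the INET router exports only a conditional default plus CSP-learned routes tagged with a site community, and the internal router accepts nothing else and caps the prefix count.

```cisco
! --- West INET router, AS 65001 (every AS number, address, prefix and community here is a constructed placeholder) ---
! Routes accepted from the AWS/Azure sessions are assumed to be tagged 65001:200 on import (that policy is not shown).
ip community-list standard CSP-LEARNED permit 65001:200
ip prefix-list INTERNAL-AGG seq 5 permit 192.0.2.0/24          ! our own aggregate, placeholder
ip prefix-list UPSTREAM-TRIGGER seq 5 permit 198.51.100.0/24   ! a prefix only ever learned from the ISPs, placeholder
route-map TO-INTERNAL permit 10
 match community CSP-LEARNED
 set community 65001:100 additive       ! 65001:100 = "learned at the West peering point"
! implicit deny: the full Internet table never crosses the firewall
route-map FROM-INTERNAL permit 10
 match ip address prefix-list INTERNAL-AGG   ! nothing but our aggregates is accepted from inside
route-map DEFAULT-IF-UPSTREAM-UP permit 10
 match ip address prefix-list UPSTREAM-TRIGGER   ! 0/0 is originated only while the ISPs are reachable, so it is withdrawn on upstream loss
router bgp 65001
 neighbor 10.255.0.10 remote-as 65000            ! internal West router, loopback to loopback
 neighbor 10.255.0.10 ebgp-multihop 3            ! the session transits the firewall
 neighbor 10.255.0.10 update-source Loopback0
 neighbor 10.255.0.10 password <shared-secret>   ! TCP MD5 on a session that crosses other hops
 neighbor 10.255.0.10 send-community
 neighbor 10.255.0.10 default-originate route-map DEFAULT-IF-UPSTREAM-UP
 neighbor 10.255.0.10 route-map TO-INTERNAL out
 neighbor 10.255.0.10 route-map FROM-INTERNAL in
!
! --- Internal West router, AS 65000: accept only the default and CSP routes, prefer the West exit ---
ip community-list standard VIA-WEST permit 65001:100
ip community-list standard VIA-EAST permit 65002:100           ! set by the East INET router in the same way
ip community-list standard CSP-LEARNED permit 65001:200
ip community-list standard CSP-LEARNED permit 65002:200        ! separate lines = either community matches
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
route-map FROM-INET permit 10
 match ip address prefix-list DEFAULT-ONLY
route-map FROM-INET permit 20
 match community CSP-LEARNED
! implicit deny: anything else slipping through the INET router's filter is still rejected here
route-map PREFER-WEST permit 10                 ! applied inbound on western property routers; eastern ones invert the values
 match community VIA-WEST
 set local-preference 200
route-map PREFER-WEST permit 20
 match community VIA-EAST
 set local-preference 100
!
router bgp 65000
 neighbor 10.255.0.1 remote-as 65001
 neighbor 10.255.0.1 ebgp-multihop 3
 neighbor 10.255.0.1 update-source Loopback0
 neighbor 10.255.0.1 password <shared-secret>
 neighbor 10.255.0.1 send-community
 neighbor 10.255.0.1 maximum-prefix 200 restart 5   ! a leaked full table tears the session down instead of flooding the core
 neighbor 10.255.0.1 route-map FROM-INET in
```

The East pair mirrors this with 65002:100 as its site community, and each property router applies PREFER-WEST (or its eastern inverse) inbound on its iBGP sessions so the regional exit wins while the other site's routes remain as the failover path.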